[mnet-devel] Re: [web-calculus] YURLs
Trevor Perrin
trevp at trevp.net
Sun Jul 20 23:55:38 BST 2003
At 04:25 PM 7/20/2003 -0400, Zooko wrote:
>[Following-up to my own e-mail letter to correct an error.]
>
> I, Zooko, wrote:
> >
> > If it matches its hash but the encryption key is wrong, then user sees
> random
> > garbage -- whatever the ciphertext decrypts to under the incorrect key.
> >
> > Hm -- *that* isn't good. In a future version of Mnet, an incorrect key
> will
> > also yield nothing but an error message.
> >
> > (I can't think of any scenarios in which the current behavior could be
> > exploited, but it still seems sub-optimal.)
>
>Actually, I was wrong about this. I'm pretty sure that you can't find an
>alternate symmetric key (other than the one actually used to encrypt) which
>will yield anything other than an error message.
Hi Zooko,
it looks like a bad symmetric key will cause the inode to decrypt
improperly, so the code that parses the inode will probably complain that
it's gibberish. It might be better to catch this error before parsing - if
the inodeId was an HMAC-SHA1 of the encrypted inode and the encryption key,
I think that would work.
Trevor
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
mnet-devel mailing list
mnet-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mnet-devel
More information about the Mnet-devel
mailing list